TWM504991U - System of applying mobile certificate online by valid certificate - Google Patents


Publication number
TWM504991U
Authority
TW
Taiwan
Prior art keywords
voucher
client
data
server
valid
Prior art date
Application number
TW104206632U
Other languages
Chinese (zh)
Inventor
Hung-Yi Tu
Tzu-Ching Lien
Chih-Neng Lin
Original Assignee
Taiwan Ca Inc
Application filed by Taiwan Ca Inc filed Critical Taiwan Ca Inc
Priority to TW104206632U priority Critical patent/TWM504991U/en
Publication of TWM504991U publication Critical patent/TWM504991U/en

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Description

System for applying for a mobile certificate online with a valid certificate

A certificate application system, in particular a system for applying for a mobile certificate online with a valid certificate.

An electronic certificate, also called a digital certificate, is an identity mechanism for computer systems. An electronic certificate is a signature that an identity certification authority adds to a digital identity card; this act indicates that the certification authority has recognized the user who holds the digital identity card. An electronic certificate is one computer file or a set of computer files recording the holder's identity data and a set of public keys. The holder of an electronic certificate can authenticate their identity to a computer system in order to access or use a particular computer service.

In recent years, as network security has received increasing attention, demand for electronic certificates has grown. At present, however, an applicant usually has to bring identity documents in person to the counter of the business that handles electronic certificate applications so that the applicant's identity can be confirmed. This is inconvenient for applicants and, as a consequence, makes electronic certificates hard to popularize.

In summary, the prior art has long had the problem that applying for an electronic certificate requires confirming the applicant's identity, which forces the applicant to appear at the counter in person and causes inconvenience. An improved technical means is therefore needed to solve this problem.

In view of the prior-art problem that applying for an electronic certificate requires confirming the applicant's identity, so that the applicant must inconveniently appear at the counter in person, this utility model discloses a system for applying for a mobile certificate online with a valid certificate, in which:

The system disclosed by this utility model for applying for a mobile certificate online with a valid certificate comprises at least: a first client, which provides a valid certificate; a validation server; a registration server, which verifies the valid certificate through the validation server, obtains through the validation server the applicant data corresponding to the valid certificate, provides for the input of verification data, and receives the certificate application signature that the first client produces by signing the certificate application data with the valid certificate, where the certificate application data contains the applicant data and the verification data; a second client, which provides for the input of confirmation data and provides a certificate request file; and a certificate management server, which receives the certificate application data and the certificate application signature sent by the registration server, verifies the certificate application data against the certificate application signature, and, when it determines that the confirmation data sent by the second client matches the certificate application data, generates a mobile certificate from the certificate request file sent by the second client and sends the mobile certificate to the second client.

Another system disclosed by this utility model for applying for a mobile certificate online with a valid certificate comprises at least: a client, which provides a valid certificate and sends a certificate request file; a portal server, to which the client connects; a validation server; a registration server, which verifies through the validation server the valid certificate that the client, guided by the portal server, sends to the registration server, obtains through the validation server the applicant data corresponding to the valid certificate, provides for the input of verification data, and uses the valid certificate to sign the certificate application data to produce a certificate application signature, where the certificate application data contains the applicant data and the verification data; and a certificate management server, which receives the certificate application data and the certificate application signature sent by the registration server, verifies the certificate application data against the certificate application signature, generates a mobile certificate according to the certificate application data, and, when it determines that the confirmation data sent by the client matches the certificate application data, generates a mobile certificate from the certificate request file sent by the second client and sends the mobile certificate to the client.

The system disclosed by this utility model is as described above. The difference from the prior art is that, after the valid certificate provided by the client passes verification by the validation server, the registration server confirms the applicant data and produces certificate application data containing the applicant data and the verification data, together with the corresponding certificate application signature. After the certificate management server successfully verifies the certificate application data against the certificate application signature, it generates the registration data of the mobile certificate from the certificate application data and, when it determines that the confirmation data sent by the same or a different client matches the certificate application data, sends the generated mobile certificate to the client that sent the confirmation data. This solves the problem in the prior art and achieves the technical effect of making electronic certificate application convenient.

The features and implementation of this utility model are described in detail below with reference to the drawings and embodiments, in enough detail that anyone skilled in the relevant art can readily understand the technical means it applies to solve the technical problem, implement them accordingly, and thereby achieve the effects this utility model can attain.

This utility model lets an applicant apply for a mobile certificate using a valid certificate the applicant already holds and, once the application is complete, download the mobile certificate using the applicant data and verification data entered during the application. The valid certificate referred to here is a certificate that can currently pass verification by a certificate validation server (Validation Authority, VA), including but not limited to financial certificates, natural-person certificates (Citizen Digital Certificates), and business certificates.

In addition, the applicant data referred to here includes, but is not limited to, data that can identify the applicant, such as the applicant's name, the applicant's identity card number, applicant identification data, and/or communication data. The verification data referred to here is data that can verify the applicant's identity, for example an authentication code and/or a verification password, but this utility model is not limited to these. The communication data includes, but is not limited to, an e-mail address and a mobile phone number.

The operation of the system is first explained with FIG. 1A, the first system architecture diagram for applying for a mobile certificate online with a valid certificate. As shown in FIG. 1A, the system includes a first client 110a, a second client 110b, a registration server 130, a validation server 140, and a certificate management server 160.

The first client 110a may be a computer or a mobile device, but this utility model is not limited to these.

The first client 110a provides for the input of applicant data and verification data. In general, the first client 110a can connect to the registration server 130 and can display a user interface from which the mobile certificate application procedure is started, a user interface for entering applicant data, and a user interface for entering applicant data and verification data. The content of the one or more user interfaces displayed by the first client 110a may be stored in the first client 110a in advance or received from the registration server 130; this utility model places no particular restriction on this.

The user interface from which the mobile certificate application procedure is started may contain a screen-change object, such as a button or a link, but this utility model is not limited to these. When the screen-change object is clicked, the first client 110a switches from the current user interface to the start screen of the mobile certificate application.

The first client 110a is also responsible for logging in to the registration server 130 with the valid certificate. In general, the valid certificate stored on the first client 110a is one the validation server 140 accepts, so that the first client 110a can use it to log in to the registration server 130, but this utility model is not limited to this.

The first client 110a is further responsible for signing the certificate application data generated by the registration server 130 with the valid certificate used to log in to the registration server 130, thereby producing the certificate application signature corresponding to the certificate application data.

The second client 110b is usually a mobile device, such as a smartphone or a tablet, but this utility model is not limited to these.

The second client 110b provides for the input of the applicant data and verification data that were entered during the mobile certificate application. In this utility model, the applicant data and verification data entered at the second client 110b are called "confirmation data". The second client 110b can display a user interface for entering confirmation data, so that the confirmation data is entered in the displayed interface. The confirmation data entered at the second client 110b may contain all or part of the applicant data and/or all or part of the verification data. For example, the confirmation data may contain the applicant identification data, the communication data, and the verification password, or only the applicant identification data and the verification password, but this utility model is not limited to these.

The second client 110b is responsible for sending the entered confirmation data and the generated certificate request file to the certificate management server 160. In general, the certificate request file generated by the second client 110b contains the public key of the key pair generated by the second client 110b, a signature produced with the private key of that key pair, and the user information for the key pair.

The second client 110b can also receive the mobile certificate sent by the certificate management server 160. In general, a certificate management program can be installed on the second client 110b; it stores and manages the mobile certificates the second client 110b downloads.

In some embodiments, the second client 110b can receive download information that the certificate management server 160 sends via the communication data contained in the verification data, and, according to that download information, download the certificate management program from the certificate management server 160 or another server (not shown) and install it. The download information received by the second client 110b is data that lets the second client 110b download the certificate management program, for example a download link for the program, or a two-dimensional barcode or QR code that leads the second client 110b to the program's download screen, but this utility model is not limited to these.

In addition, in some embodiments, the second client 110b can run the certificate management program and, through it, provide for the input of confirmation data, generate the certificate request file, send the confirmation data and the certificate request file to the certificate management server 160, and receive and store the mobile certificate returned by the certificate management server 160.

The registration server 130 is responsible for receiving the valid certificate sent by the first client 110a. In some embodiments, the registration server 130 can send the user interface for providing the valid certificate to the first client 110a for display.

The registration server 130 is also responsible for verifying the valid certificate through the validation server 140.

The registration server 130 can also let the first client 110a enter applicant data and verification data. In some embodiments, the registration server 130 sends the user interface for entering applicant data and the user interface for entering verification data to the first client 110a for display, so that the applicant data and verification data are entered in the displayed interfaces, and receives the applicant data and verification data sent by the first client 110a. The registration server 130 may send a single user interface for entering both applicant data and verification data to the first client 110a, or send separate user interfaces for entering the applicant data and the verification data.

The registration server 130 is also responsible for generating the certificate application data from the applicant data and verification data received from the first client 110a. In general, the registration server 130 may combine the applicant data and the verification data as the certificate application data, or combine the applicant data, the verification data, and other data as the certificate application data, but this utility model is not limited to these. In other words, the certificate application data referred to here contains at least the applicant data and the verification data.

In some embodiments, the registration server 130 may contain a registration module 131, but this utility model is not limited to this. When executed by the registration server 130, the registration module 131 obtains the applicant data and the verification data, generates the certificate application data, and guides the first client 110a to produce the certificate application signature.

The validation server 140 is responsible for verifying the valid certificate received by the registration server 130 and, after that certificate passes verification, can obtain the applicant data corresponding to it. In general, the validation server 140 is a certificate validation server.

The certificate management server 160 is responsible for receiving the certificate application data and the certificate application signature sent by the registration server 130, and for verifying the received certificate application data against the received certificate application signature.

The certificate management server 160 is also responsible, once the certificate application data has passed verification, for generating the registration data of the mobile certificate from the verified certificate application data.

In some embodiments, after the certificate application data passes verification, the certificate management server 160 can send the download information for the certificate management program to the second client 110b using the communication data contained in the verified certificate application data, so that the second client 110b can download the certificate management program. How the certificate management server 160 sends the download information depends on the communication data. For example, when the communication data is the applicant's e-mail address, the certificate management server 160 can send the download information to the applicant (usually the user of the second client 110b) by e-mail, so that the applicant can operate the second client 110b according to the download information in the e-mail, for example by photographing a QR code, to download the management program to the second client 110b and install it. If the communication data is the applicant's mobile phone number, the certificate management server 160 can send the download information to the applicant by text message, so that the applicant can operate the second client 110b according to the download information in the text message, for example by clicking a download link, to download and install the management program.

In addition, in some embodiments, the certificate management server 160 can receive the certificate request file and the confirmation data sent by the second client 110b and determine whether the received confirmation data matches the certificate application data sent by the registration server 130. When the certificate management server 160 determines that they match, it can generate the mobile certificate corresponding to the certificate request file and, according to the certificate application data, send the generated mobile certificate to the second client 110b.

The certificate management server 160 can compare each item contained in the confirmation data with the corresponding item contained in the certificate application data. When the data of every compared item is the same, the certificate management server 160 can determine that the confirmation data matches the certificate application data; if the data of any compared item is not exactly the same, it can determine that the confirmation data does not match the certificate application data. For example, if the confirmation data contains applicant data such as the applicant's name and identity card number, communication data such as a mobile phone number and an e-mail address, and a verification password, the certificate management server 160 can compare the applicant name, applicant identity card number, mobile phone number, e-mail address, and verification password in the confirmation data with the applicant name, applicant identity card number, mobile phone number, e-mail address, and verification password in the certificate application data. Only when all of these items in the confirmation data are the same as the corresponding items in the certificate application data can it determine that the confirmation data matches the certificate application data. If any one of the applicant name, applicant identity card number, mobile phone number, and e-mail address contained in the confirmation data differs from the applicant name, applicant identity card number, mobile phone number, e-mail address, and verification password contained in the certificate application data, the certificate management server 160 can determine that the confirmation data does not match the certificate application data. In addition, the certificate management server 160 can also use the user information in the certificate request file to determine whether the user of the public key in the certificate request file has been registered, and use the public key and the signature in the certificate request file to determine whether the certificate request file was really issued by the user of the public key in it.

In some embodiments, the certificate management server 160 can also determine whether the time difference between the time the download information for the certificate management program was sent to the second client 110b and the time the confirmation data sent by the second client 110b was received satisfies a predetermined value, that is, whether the time difference between the time the registration data of the mobile certificate was generated and the time the confirmation data sent by the second client 110b was received satisfies the predetermined value, and generates the mobile certificate only when the time difference satisfies the predetermined value.
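The item-by-item match and the time-difference check described for the certificate management server 160, as an added Python example that is not part of the patent. The field names, the required-item set, the 600-second bound, and the one-certificate-per-registration rule are assumptions; verification of the certificate application signature and of the certificate request file is assumed to have happened already.

```python
from __future__ import annotations

import hmac
from dataclasses import dataclass

# Hypothetical field names: the text lists these kinds of items but defines no keys.
KNOWN_ITEMS = frozenset({
    "applicant_name", "applicant_id_number", "mobile_number",
    "email_address", "verification_password",
})
# Assumption: confirmation data may be partial (as the text allows) but must
# always include the identity card number and the verification password.
REQUIRED_ITEMS = frozenset({"applicant_id_number", "verification_password"})
# Assumption: "satisfies a predetermined value" is read as an upper bound in seconds.
MAX_DELAY_SECONDS = 600


@dataclass
class Registration:
    """Registration data kept after the application signature has verified."""
    application_data: dict
    download_info_sent_at: float  # epoch seconds
    issued: bool = False          # assumption: one certificate per registration


def _equal(a: str, b: str) -> bool:
    # Constant-time comparison: a mismatch must not reveal how much matched.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def confirmation_matches(confirmation: dict, application_data: dict) -> bool:
    """True only if every submitted item equals the stored item exactly."""
    items = set(confirmation)
    if not REQUIRED_ITEMS <= items or not items <= KNOWN_ITEMS:
        return False
    all_equal = True
    for name in sorted(items):
        stored = application_data.get(name)
        if stored is None:
            all_equal = False
            continue
        # Compare every item even after a mismatch (no early exit).
        all_equal &= _equal(str(confirmation[name]), str(stored))
    return all_equal


def decide_issuance(reg: Registration, confirmation: dict, received_at: float,
                    max_delay: float = MAX_DELAY_SECONDS):
    """Return (allowed, reason) for confirmation data arriving at received_at."""
    if reg.issued:
        return False, "already_issued"
    elapsed = received_at - reg.download_info_sent_at
    if elapsed < 0 or elapsed > max_delay:
        return False, "outside_time_window"
    if not confirmation_matches(confirmation, reg.application_data):
        return False, "mismatch"
    reg.issued = True
    return True, "ok"


# Constructed sample values, not taken from the patent.
SAMPLE_APPLICATION = {
    "applicant_name": "Example Applicant",
    "applicant_id_number": "A123456789",
    "mobile_number": "0900000000",
    "email_address": "applicant@example.com",
    "verification_password": "s3cret-pw",
}

if __name__ == "__main__":
    reg = Registration(dict(SAMPLE_APPLICATION), download_info_sent_at=1000.0)
    partial = {"applicant_id_number": "A123456789",
               "verification_password": "s3cret-pw"}
    print(decide_issuance(reg, partial, received_at=1300.0))
    print(decide_issuance(reg, partial, received_at=1301.0))
```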

The operation of the system is next explained with FIG. 1B, the second system architecture diagram for applying for a mobile certificate online with a valid certificate. As shown in FIG. 1B, the system includes a client 110, a portal server 120, a registration server 130, a validation server 140, and a certificate management server 160.

The client 110 in FIG. 1B operates for the most part like the first client 110a and the second client 110b in FIG. 1A. That is, the client 110 can display the user interface from which the mobile certificate application procedure is started and, during the application, the user interface for entering applicant data and verification data. It is also responsible for providing for the input of confirmation data and generating the certificate request file, sending the entered confirmation data and the generated certificate request file to the certificate management server 160, and receiving the mobile certificate returned by the certificate management server 160. In addition, the client 110 can receive the download information that the certificate management server 160 sends via the communication data contained in the verification data, and, according to that download information, download the certificate management program from the certificate management server 160 or another server and install it.

Unlike both the first client 110a and the second client 110b in FIG. 1A, the client 110 does not send the valid certificate directly to the registration server 130. It first connects to the portal server 120 and then, guided by the portal server 120, sends the valid certificate to the registration server 130. The portal server 120 can send the client 110 an instruction to send the valid certificate to the registration server 130, so that the client 110 connects to the registration server 130 according to the received instruction and sends the valid certificate, but this utility model is not limited to this. In some embodiments, the portal server 120 may also redirect the client 110 to the registration server 130 directly.

In addition, in some embodiments, the client 110 can run a partner application which, once executed by the client 110, displays the user interface from which the mobile certificate application procedure is started.

In some embodiments, if there are registration servers 130 provided by several partners, the portal server 120 can provide the client 110 with a user interface for choosing which partner's service to use, so that the client 110 connects to the registration server 130 corresponding to the chosen partner and sends the valid certificate. For example, suppose there are two registration servers 130, one providing a securities trading management service and the other a tax payment service. The user interface that the portal server 120 provides to the client 110 can contain an object corresponding to securities trading management and an object corresponding to tax payment. When the client 110 selects the object for securities trading management or for tax payment, the portal server 120 can, according to the selected object, have the valid certificate sent to the registration server 130 that provides the securities trading management service or the tax payment service.

The registration server 130, the verification server 140 and the certificate management server 160 are similar to the registration server 130, the verification server 140 and the certificate management server 160 in FIG. 1A and are therefore not described again in detail.

In addition, the system architecture of the present creation may also be as shown in FIG. 1C. In FIG. 1C, the client 110 is split into two devices, the second client 110b and a third client 110c, where the second client 110b is the same as the second client 110b in FIG. 1A. The third client 110c, however, may first connect to the portal server 120 and then, under the guidance of the portal server 120, transmit the valid certificate to the registration server 130. It may also display the user interface through which the mobile certificate application procedure is carried out and the user interface for entering the verification data during the application.

The portal server 120, the registration server 130, the verification server 140 and the certificate management server 160 are similar to the portal server 120, the registration server 130, the verification server 140 and the certificate management server 160 in FIG. 1B and are therefore not described again in detail.

Next, an embodiment is used to explain how the system of the present creation operates; refer to FIG. 2A, the flowchart of the method of the present creation for applying for a mobile certificate online with a valid certificate. In this embodiment, the first client 110a is assumed to be a personal computer and the registration server 130 a web server, but the first client 110a and the registration server 130 of the present creation are not limited to these.

When the user operates the first client 110a to browse a web page provided by the registration server 130, if that page contains a button or link for applying for a mobile certificate and the user clicks the button or link on the first client, the first client 110a may read the user's valid certificate and transmit the certificate it has read to the registration server 130.

After the registration server 130 receives the valid certificate provided by the first client 110a (step 210), the registration server 130 may verify the valid certificate through the verification server 140 (step 221).

After the verification server 140 verifies the valid certificate received by the registration server 130, it may return the verification result to the registration server 130, and the registration server 130 may determine from that result whether the valid certificate passed verification (step 225). If the registration server 130 determines that the received valid certificate did not pass verification by the verification server 140, the registration server 130 takes no further action and the mobile certificate application procedure ends.

If the valid certificate received by the registration server 130 passes verification by the verification server 140, the registration server 130 may let the first client 110a enter applicant data and verification data (step 230). In this embodiment, the applicant data and verification data that the registration server 130 provides for input are assumed to include the user's name, national ID number, e-mail account, mobile phone number and verification password.

After the registration server 130 lets the first client 110a enter the applicant data and verification data (step 230), the first client 110a may use the valid certificate previously transmitted to the registration server 130 to sign certificate application data containing the applicant data and the verification data, producing a certificate application signature (step 240), and transmit that signature to the registration server 130. In this embodiment, a registration module 131 is assumed to run on the registration server 130. The registration module 131 may receive the applicant data transmitted by the verification server 140 and the verification data transmitted by the first client 110a, and assemble the certificate application data from the received applicant data, verification data and other data. The first client 110a may then use the valid certificate verified by the verification server 140 to perform the signing operation on the certificate application data assembled by the registration module 131. Once the signing operation is complete, the first client 110a has a certificate application signature corresponding to the certificate application data and transmits it to the registration module 131, after which the registration module 131 may transmit the certificate application data and the certificate application signature to the certificate management server 160.

After the certificate management server 160 receives the certificate application data and the certificate application signature transmitted by the registration server 130 (step 249), the certificate management server 160 may verify the certificate application data according to the certificate application signature (step 251) and produce a corresponding verification result.

The certificate management server 160 may determine from that verification result whether the certificate application data passed verification (step 255). If the certificate application data did not pass verification by the certificate management server 160, the certificate management server 160 takes no further action and the mobile certificate application procedure ends.

If the certificate management server 160 determines that the certificate application data passed verification, it may generate registration data for the mobile certificate from the certificate application data (step 260) and, using the contact data in the certificate application data or the registration data, send the user download information for a certificate management program. In this embodiment, the certificate management server 160 is assumed to e-mail a download link and a download QR code for the certificate management program to the e-mail address in the certificate application data. The user may operate the first client 110a to download and read the e-mail sent by the certificate management server 160 and so obtain the download link or download QR code, or operate the second client 110b to download the certificate management program from the download link the user obtained, or operate the second client 110b to photograph the download QR code and open the download page of the certificate management program. The certificate management server 160 may also use the mobile phone number (contact data) in the certificate application data to send the download link or download QR code to the second client 110b by SMS, so that the second client 110b can download the certificate management program from the download link or download QR code in the received message.

After the second client 110b downloads and installs the certificate management program, the program may, through the second client 110b, provide for the input of confirmation data, generate a certificate request file, and transmit the entered confirmation data and the generated certificate request file to the certificate management server 160 (step 280). In this embodiment, the certificate management program is assumed to follow the flow of FIG. 2B. It first lets the user enter the national ID number that was entered during the application and transmits it through the second client 110b to the certificate management server 160 (step 282). When the certificate management server 160 determines that the received ID number exists in the registration data it generated, it may send an authentication code to the user using the contact data contained in the registration data that has that ID number (step 284). The user can then enter the authentication code and the verification password entered during the application into the certificate management program, which again transmits them through the second client 110b to the certificate management server 160 (step 286).

Returning to FIG. 2A, after the second client 110b transmits the confirmation data and the certificate request file to the certificate management server 160 (step 280), the certificate management server 160 may determine whether the received confirmation data matches the registration data (step 291). In this embodiment, the confirmation data that the second client 110b lets the user enter is assumed to include the user's authentication code and confirmation password. The certificate management server 160 may search the registration data it generated for the registration data containing the user identification data included in the received confirmation data, and compare whether the authentication code and verification password in that registration data are the same as the authentication code and confirmation password in the confirmation data. If they are not, the certificate management server 160 takes no further action, that is, it does not provide the mobile certificate to the second client 110b.

If the authentication code and verification password in the registration data that was found are the same as the authentication code and confirmation password in the confirmation data, the certificate management server 160 may determine that the received confirmation data matches the registration data, generate the mobile certificate from the public key in the received certificate request file, and provide the generated mobile certificate to the second client 110b (step 295).
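The confirmation check of steps 282 to 295, combined with the time-difference check of claim 5, sketched as an added Python example; it is not code from the patent. The class and method names, the six-digit code, the 24-hour window, the retry limit and the PBKDF2 storage of the secrets are assumptions, and the signing of the certificate itself is left out.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

WINDOW_SECONDS = 24 * 3600  # assumed "predetermined value" for the claim 5 time check
MAX_ATTEMPTS = 5            # assumed retry limit; the patent does not specify one


def _kdf(secret: str, salt: bytes) -> bytes:
    """Derive a verifier so the server never stores the secret itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class Registration:
    contact: str
    salt: bytes
    password_verifier: bytes
    created_at: float
    code_verifier: Optional[bytes] = None
    failures: int = 0
    consumed: bool = False


class CertificateManagementServer:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}   # ID number -> Registration
        self.outbox = []     # (contact, code) pairs standing in for SMS or e-mail

    def _expired(self, rec):
        return self._clock() - rec.created_at > WINDOW_SECONDS

    def register(self, id_number, contact, verification_password):
        """Step 260: create registration data from verified application data."""
        salt = secrets.token_bytes(16)
        self._records[id_number] = Registration(
            contact, salt, _kdf(verification_password, salt), self._clock())

    def request_code(self, id_number):
        """Steps 282-284: look up the ID number, send an authentication code."""
        rec = self._records.get(id_number)
        if rec is None or rec.consumed or self._expired(rec):
            return False
        if rec.failures >= MAX_ATTEMPTS:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        rec.code_verifier = _kdf(code, rec.salt)
        self.outbox.append((rec.contact, code))
        return True

    def confirm(self, id_number, code, password, csr_public_key):
        """Steps 286-295: compare confirmation data with the registration data."""
        rec = self._records.get(id_number)
        if rec is None or rec.code_verifier is None:
            return ("rejected", None)
        if rec.consumed or rec.failures >= MAX_ATTEMPTS:
            return ("locked", None)
        if self._expired(rec):
            return ("expired", None)
        # Evaluate both comparisons, each in constant time, before deciding.
        code_ok = hmac.compare_digest(_kdf(code, rec.salt), rec.code_verifier)
        pw_ok = hmac.compare_digest(_kdf(password, rec.salt), rec.password_verifier)
        if not (code_ok and pw_ok):
            rec.failures += 1
            return ("rejected", None)
        rec.consumed = True  # one certificate per registration record
        return ("issue", csr_public_key)  # key the issued certificate would bind


if __name__ == "__main__":
    server = CertificateManagementServer()
    # Constructed sample values, not taken from the patent.
    server.register("A123456789", "user@example.test", "s3cret-pw")
    server.request_code("A123456789")
    _, sent_code = server.outbox[-1]
    print(server.confirm("A123456789", sent_code, "s3cret-pw", "<public key>"))
```

The window is measured from the creation of the registration data, as claim 5 describes, so a code requested late does not extend it.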

After receiving the mobile certificate transmitted by the certificate management server 160, the second client 110b may store it. In this embodiment, the second client 110b is assumed to store and manage the received mobile certificate through the management program it executes. In this way, with the present creation, the user can apply for a mobile certificate using a valid certificate, without having to visit a counter in person again.

In the above embodiment, the first client 110a and the second client 110b may be the same device, assumed here to be a smartphone (client 110), though the present creation is not limited to this.

In that case, when the client 110 executes an application, the executed application displays a button or link for applying for a mobile certificate, and after the user clicks that button or link on the client 110, the application executed by the client 110 may connect to the portal server 120, as shown in the flow of FIG. 2C (step 211).

Next, the portal server 120 may guide the client 110 to read the user's valid certificate and transmit the certificate it has read to the registration server 130 (step 215), so that the registration server 130 receives the valid certificate provided by the client 110 (step 210).

In the above embodiment, if the portal server 120 is connected to multiple registration servers 130, the portal server 120 may let the client 110 select one registration server 130 before it guides the client 110 to transmit the valid certificate to the registration server 130 (step 215). For example, suppose the portal server 120 is a web server connected to a registration server 130 that provides a tax service and a registration server 130 that provides a shareholder service. After the client 110 connects to the portal server 120, the portal server 120 may transmit to the client 110 a web page for choosing between the tax service and shareholder service registration servers 130, so that the user of the client 110 chooses whether the registration server 130 corresponding to the valid certificate transmitted by the client 110 is the one for the tax service or the one for the shareholder service. According to the user's choice, the portal server 120 then guides the client 110 to connect to the selected registration server 130.

In summary, the present creation differs from the prior art in the following technical means. After the valid certificate provided by a client is verified by the verification server, the registration server generates certificate application data containing the applicant data and the verification data, together with a certificate application signature, signed by the client, that corresponds to the certificate application data. After the certificate management server successfully verifies the certificate application data according to the certificate application signature, it generates registration data for the mobile certificate from the certificate application data. When it determines that the confirmation data transmitted by the same or a different client matches the certificate application data, it transmits the mobile certificate, generated from the certificate request file transmitted by that client, to the client that transmitted the confirmation data and the certificate request file. These technical means solve the prior-art problem that applying for an electronic certificate requires confirming the applicant's identity, which forces the applicant to appear at a counter in person and is inconvenient, and thereby achieve the technical effect of making electronic certificate applications convenient.

Furthermore, the present creation can be implemented in hardware, in software, or in a combination of hardware and software, and can be implemented in a centralized manner in one computer system or in a distributed manner in which different components are spread across several interconnected computer systems.

Although the embodiments of the present creation are disclosed above, the content described is not intended to directly limit the scope of patent protection of the present creation. Any modification or refinement in the form or details of implementation made by a person of ordinary skill in the art to which the present creation belongs, without departing from the spirit and scope disclosed by the present creation, falls within the scope of patent protection of the present creation. The scope of patent protection of the present creation is still as defined by the appended claims.

110‧‧‧Client
110a‧‧‧First client
110b‧‧‧Second client
110c‧‧‧Third client
120‧‧‧Portal server
130‧‧‧Registration server
131‧‧‧Registration module
140‧‧‧Verification server
160‧‧‧Certificate management server
Step 210‧‧‧The registration server receives the valid certificate provided by the first client
Step 211‧‧‧The first client connects to the portal server
Step 215‧‧‧The portal server guides the first client to transmit the valid certificate to the registration server
Step 221‧‧‧The registration server verifies the valid certificate through the verification server
Step 225‧‧‧The registration server determines whether the valid certificate passed verification
Step 230‧‧‧The registration server lets the first client enter applicant data and verification data
Step 240‧‧‧The registration server receives the certificate application signature produced by the first client signing the certificate application data with the valid certificate
Step 249‧‧‧The certificate management server receives the certificate application data and certificate application signature transmitted by the registration server
Step 251‧‧‧The certificate management server verifies the certificate application data according to the certificate application signature
Step 255‧‧‧The certificate management server determines whether the certificate application data passed verification
Step 260‧‧‧The certificate management server generates registration data for the mobile certificate from the certificate application data
Step 280‧‧‧The second client provides for input of confirmation data and transmits the confirmation data and certificate request file to the certificate management server
Step 282‧‧‧The second client transmits identification data to the certificate management server
Step 284‧‧‧The certificate management server transmits an authentication code to the second client
Step 286‧‧‧The second client transmits the authentication code and verification password to the certificate management server
Step 291‧‧‧The certificate management server determines whether the confirmation data matches the certificate application data
Step 295‧‧‧The certificate management server transmits the mobile certificate generated from the certificate request file to the second client

FIG. 1A is a system architecture diagram of the present creation for applying for a mobile certificate online with a valid certificate.
FIG. 1B is another system architecture diagram of the present creation for applying for a mobile certificate online with a valid certificate.
FIG. 1C is another system architecture diagram of the present invention for applying for a mobile certificate online with a valid certificate.
FIG. 2A is a flowchart of the method of the present creation for applying for a mobile certificate online with a valid certificate.
FIG. 2B is a flowchart of the method of the present creation by which the client downloads the certificate management program.
FIG. 2C is a flowchart of the method of the present creation for downloading the mobile certificate through the certificate management program.

Claims (10)

1. A system for applying for a mobile certificate online with a valid certificate, the system comprising at least:
a first client, configured to provide a valid certificate;
a verification server;
a registration server, configured to verify the valid certificate through the verification server and, when the valid certificate passes verification, to let the first client enter applicant data and verification data, and to have the first client use the valid certificate to sign certificate application data so as to produce a certificate application signature, wherein the certificate application data contains the applicant data and the verification data;
a second client, configured to provide for input of confirmation data and to transmit a certificate request file; and
a certificate management server, configured to receive the certificate application data and the certificate application signature transmitted by the registration server, to verify the certificate application data according to the certificate application signature, to generate registration data for a mobile certificate from the certificate application data, and, upon determining that the confirmation data transmitted by the second client matches the certificate application data, to generate the mobile certificate from the certificate request file transmitted by the second client and transmit the mobile certificate to the second client.

2. The system for applying for a mobile certificate online with a valid certificate as described in claim 1, wherein the system further comprises a portal server, configured to accept a connection from the first client and to guide the first client to transmit the valid certificate to the registration server.

3. The system for applying for a mobile certificate online with a valid certificate as described in claim 1, wherein the certificate management server is further configured to transmit download information for a certificate management program, and the second client is further configured to download the certificate management program according to the download information, wherein the certificate management program is used to store the mobile certificate.

4. The system for applying for a mobile certificate online with a valid certificate as described in claim 3, wherein the certificate management server transmits the download information by e-mail, and the download information contains a download link or QR code with which to download the certificate management program.

5. The system for applying for a mobile certificate online with a valid certificate as described in claim 1, wherein the certificate management server is further configured to determine whether the time difference between the time the registration data of the mobile certificate was generated and the time the confirmation data was received meets a predetermined value, and to transmit the mobile certificate to the second client when that time difference meets the predetermined value.

6. The system for applying for a mobile certificate online with a valid certificate as described in claim 1, wherein the second client is a mobile device.

7. The system for applying for a mobile certificate online with a valid certificate as described in claim 1, wherein the verification data contains an authentication code and a verification password.

8. A system for applying for a mobile certificate online with a valid certificate, the system comprising at least:
a client, configured to provide a valid certificate and to transmit a certificate request file;
a portal server, configured to accept a connection from the client;
a verification server;
at least one registration server, each registration server configured to verify, through the verification server, the valid certificate that the portal server guided the client to transmit to the registration server and, when the valid certificate passes verification, to let the client enter applicant data and verification data, and to have the client use the valid certificate to sign certificate application data so as to produce a certificate application signature, wherein the certificate application data contains the applicant data and the verification data; and
a certificate management server, configured to receive the certificate application data and the certificate application signature transmitted by one of the registration servers, to verify the certificate application data according to the certificate application signature, to generate registration data for a mobile certificate from the certificate application data, and, upon determining that the confirmation data transmitted by the client matches the certificate application data, to generate the mobile certificate from the certificate request file transmitted by the client and transmit the mobile certificate to the client.

9. The system for applying for a mobile certificate online with a valid certificate as described in claim 8, wherein the portal server is further configured to let the client select the registration server and to guide the client to transmit the valid certificate to the registration server.

10. The system for applying for a mobile certificate online with a valid certificate as described in claim 8, wherein the client is further configured to execute a cooperating application, the cooperating application being used to display a user interface, and the user interface being used to provide for input of the applicant data and the verification data.
TW104206632U 2015-04-30 2015-04-30 System of applying mobile certificate online by valid certificate TWM504991U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104206632U TWM504991U (en) 2015-04-30 2015-04-30 System of applying mobile certificate online by valid certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW104206632U TWM504991U (en) 2015-04-30 2015-04-30 System of applying mobile certificate online by valid certificate

Publications (1)

Publication Number Publication Date
TWM504991U true TWM504991U (en) 2015-07-11

Family

ID=54152822

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104206632U TWM504991U (en) 2015-04-30 2015-04-30 System of applying mobile certificate online by valid certificate

Country Status (1)

Country Link
TW (1) TWM504991U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI711975B (en) * 2017-03-29 2020-12-01 楊建綱 Multi-dimensional barcode mobile identity authentication method and authentication server mechanism
TWI787655B (en) * 2020-09-26 2022-12-21 臺灣網路認證股份有限公司 System for identification based on comparing id photo and live photo and method thereof

Legal Events

Date Code Title Description
MM4K Annulment or lapse of a utility model due to non-payment of fees